Security at AddToQuote

Enterprise-grade security to protect your business data and customer information.

End-to-End Encryption

All data encrypted using TLS 1.2+ in transit and AES-256-GCM at rest. OAuth tokens and email credentials are individually encrypted.

Shopify OAuth

Authentication handled entirely through Shopify's OAuth 2.0 flow. No passwords stored. Session tokens encrypted in the database.

GDPR Compliance

Automatic GDPR webhook handlers for customer data requests and deletions. Data processed and removed on Shopify's request.

Secure Infrastructure

Hosted on Supabase (managed PostgreSQL) and Cloudflare (CDN + R2 storage) with DDoS protection and encryption at rest.

Data Protection

We implement multiple layers of security to protect your data:

Encryption Standards

  • TLS 1.2+ - All data in transit is encrypted
  • AES-256 - All data at rest is encrypted
  • Shopify OAuth - Secure authentication with Shopify

Infrastructure Security

Our infrastructure is hosted on enterprise-grade cloud providers with:

  • Geographic redundancy across multiple availability zones
  • Automated backups with point-in-time recovery
  • DDoS protection and web application firewall
  • 24/7 infrastructure monitoring and alerting

Compliance

AddToQuote maintains compliance with industry standards:

  • GDPR - European data protection compliance
  • CCPA - California consumer privacy compliance
  • Shopify App Requirements - All Shopify security standards

Vulnerability Management

We maintain a proactive approach to security:

  • Automated vulnerability scanning
  • Regular security training for all team members
  • Encrypted credential storage (AES-256-GCM)

Report a Security Issue

If you discover a security vulnerability, please report it to security@addtoquote.com. We take all reports seriously and will respond within 24 hours.

Contact

For security-related questions or concerns:

  • Security Team: security@addtoquote.com
  • General Support: support@addtoquote.com